Configure Azure consumption (billing) inputs for the Splunk Add-on for Microsoft Cloud Services¶
Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You can configure inputs using Splunk Web, which is a best practice.
Prerequisites¶
Before you enable inputs, complete the following steps in the configuration process:
- Configure an Active Directory Application in Azure AD for the Splunk Add-on for Microsoft Cloud Services
- Connect to your Azure App Account with Splunk Add-on for Microsoft Cloud Services
The Azure Consumption(Billing) input for the Splunk Add-on for Microsoft Cloud Services is not compatible with Azure Reservation Recommendation and Azure Billing and Consumption inputs in the Microsoft Azure Add-on for Splunk.
The Azure Consumption (Billing) input for the Usage Details data type collects data until one day prior to the current UTC time at every interval invocation.
Configure inputs using Splunk Web¶
Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.
- In the Splunk Add-on for Microsoft Cloud Services, select Inputs.
- Select Create New Input and then select Azure Consumption(Billing).
- Enter the Name, Azure App Account, Subscription ID, Data Type, Interval, Index, Sourcetype, Max days to query and Start Date using the information in the following Input parameters table.
Configure inputs using configuration files¶
Configure your inputs using the configuration files on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.
- In your Splunk platform deployment, navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local.
- Create a file named inputs.conf, if it does not already exist.
- Add the following stanza for consumption input:
- Input configuration for the Usage Details data type
[mscs_azure_consumption://<input_stanza_name>] account = <value> data_type = Usage Details index = <value> interval = 86400 query_days = <value> sourcetype = mscs:consumption:billing start_date = <value> subscription_id = <value> - Input configuration for Reservation Recommendation data type
[mscs_azure_consumption://<input_stanza_name>] account = <value> data_type = Reservation Recommendation index = <value> interval = 86400 sourcetype = mscs:consumption:reservation:recommendation subscription_id = <value>
- Input configuration for the Usage Details data type
- Save and restart the Splunk platform.
Input parameters¶
Each attribute in the following table corresponds to a field in Splunk Web:
Attribute |
Corresponding field in Splunk Web |
Description |
|---|---|---|
|
Name |
A friendly name for your input. Name cannot contain any whitespace. |
|
Azure Account |
The Azure App account from which you want to collect data. Name cannot contain any whitespace. |
|
Subscription ID |
The Azure Subscription ID. |
|
Data Type |
Data Types:
The default is Usage Details |
|
Interval |
The number of seconds to wait before the Splunk platform runs the command again. The default is 86400 seconds. |
|
Index |
The index in which to store Azure Consumption data. |
|
Sourcetype |
Select the respective sourcetype based on the configured Data Types
The default is |
|
Max days to query |
Specify the maximum number of days to query The default is 10 days Only visible and applicable when data type is Usage Details When Usage Details data type is selected, each time this input runs a start date, it is calculated for the Usage Details API query. The end date for the Usage Details API query will be calculated as the start date plus the number of days specified by this parameter. For example, if the calculated start date is 2022-01-01T00:00:00 (midnight on January 1, 2022), the end date for the query will be 2022-01-11T00:00:00 if the Max days to query is 10 days. |
|
Start Date |
Select a Start Date to specify how far back to go when initially collecting data The default is 90 days in the past Only visible and applicable when data type is Usage Details |